author | Christoph Wurst <christoph@owncloud.com> | 2016-05-08 19:31:42 +0200 |
---|---|---|
committer | Thomas Müller <thomas.mueller@tmit.eu> | 2016-05-11 13:36:46 +0200 |
commit | 69dafd727dc848e3be541ae15bd88d01037cfab0 (patch) | |
tree | 31b717a904e28969091b881316b267babd27c0c8 /lib/private | |
parent | af707fba41634b70115d47de86efe2ce2bf3d3b6 (diff) | |
delete the token in case an exception is thrown when decrypting the password
Diffstat (limited to 'lib/private')
-rw-r--r-- | lib/private/Authentication/Token/DefaultTokenProvider.php | 9 | ||||
-rw-r--r-- | lib/private/User/Session.php | 14 |
2 files changed, 18 insertions, 5 deletions
diff --git a/lib/private/Authentication/Token/DefaultTokenProvider.php b/lib/private/Authentication/Token/DefaultTokenProvider.php
index 53ecb562a8d..a6641277cf9 100644
--- a/lib/private/Authentication/Token/DefaultTokenProvider.php
+++ b/lib/private/Authentication/Token/DefaultTokenProvider.php
@@ -22,6 +22,7 @@ namespace OC\Authentication\Token;
+use Exception;
 use OC\Authentication\Exceptions\InvalidTokenException;
 use OCP\AppFramework\Db\DoesNotExistException;
 use OCP\AppFramework\Utility\ITimeFactory;
@@ -192,7 +193,13 @@ class DefaultTokenProvider implements IProvider {
 */
 private function decryptPassword($password, $token) {
 $secret = $this->config->getSystemValue('secret');
-return $this->crypto->decrypt($password, $token . $secret);
+try {
+return $this->crypto->decrypt($password, $token . $secret);
+} catch (Exception $ex) {
+// Delete the invalid token
+$this->invalidateToken($token);
+throw new InvalidTokenException();
+}
 }
 }
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 0351125b5d9..0b0d298db24 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -69,10 +69,10 @@ use OCP\Session\Exceptions\SessionNotAvailableException;
 * @package OC\User
 */
 class Session implements IUserSession, Emitter {
-
 /*
 * @var Manager $manager
 */
+
 private $manager;
 /*
@@ -107,8 +107,7 @@ class Session implements IUserSession, Emitter {
 * @param IProvider $tokenProvider
 * @param IProvider[] $tokenProviders
 */
-public function __construct(IUserManager $manager, ISession $session, ITimeFactory $timeFacory, $tokenProvider,
-array $tokenProviders = []) {
+public function __construct(IUserManager $manager, ISession $session, ITimeFactory $timeFacory, $tokenProvider, array $tokenProviders = []) {
 $this->manager = $manager;
 $this->session = $session;
 $this->timeFacory = $timeFacory;
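Review bot: In decryptPassword the new `catch (Exception $ex)` destroys the token for any failure raised by `$this->crypto->decrypt()`, and `$ex` is then dropped, so neither the thrown InvalidTokenException nor any log retains why the token was killed. An authentication-tag mismatch is the case the commit targets, but a catch on the base `Exception` also swallows failures that are not the token's fault (a misconfigured or empty `secret` system value, for instance), and every affected token is then silently deleted on its first use. If the crypto layer throws only the base `Exception` the broad catch may be unavoidable, but the cause should at least be chained, `throw new InvalidTokenException('Could not decrypt token password', 0, $ex);` (assuming InvalidTokenException keeps the standard Exception constructor). Consider also recording the invalidation through the provider's logger, if it has one, so secret rotation or tampered token rows are visible to operators rather than surfacing only as unexplained logouts.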
@@ -230,7 +229,14 @@ class Session implements IUserSession, Emitter {
 $lastCheck = $this->session->get('last_login_check') ? : 0;
 $now = $this->timeFacory->getTime();
 if ($lastCheck < ($now - 60 * 5)) {
-$pwd = $this->tokenProvider->getPassword($token, $sessionId);
+try {
+$pwd = $this->tokenProvider->getPassword($token, $sessionId);
+} catch (InvalidTokenException $ex) {
+// An invalid token password was used -> log user out
+$this->logout();
+return;
+}
+
 if ($this->manager->checkPassword($user->getUID(), $pwd) === false) {
 // Password has changed -> log user out
 $this->logout(); |
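Review bot: The comment `// An invalid token password was used -> log user out` misdescribes the branch: nothing was "used" here, the provider failed to return the token's stored password (and, per the other file in this commit, has already invalidated the token when decryption failed), so I would write `// Token password could not be retrieved/decrypted -> log user out`. The caught `$ex` is discarded, so a forced logout caused by a rotated `secret` or a tampered token row leaves no trace; if this class has access to a logger, an info-level entry here would let operators tell it apart from an ordinary password change. Note also that this path only runs when `last_login_check` is older than five minutes, so a token whose password can no longer be decrypted keeps working until the next check; that interval is pre-existing context, not introduced by this hunk. The enclosing method begins and ends outside the hunk.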